Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Drop.Fignotok.24 Befall

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 28.11.2011, 16:26   #1
1234567890
 
TR/Drop.Fignotok.24 Befall - Standard

TR/Drop.Fignotok.24 Befall



Hallo zusammen,
ich hab mir irgendwo ein Trojaner eingefangen, denn AntiVir entdeckt hat. Ich hab den jetzt erstmal in Quarantäne verschoben. Hier ist schonmal der AntiVir Report:



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 28. November 2011 16:14

Es wird nach 3487134 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Alexander
Computername : SIXPACK-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.704 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 06.07.2011 14:09:35
AVSCAN.DLL : 10.0.5.0 57192 Bytes 06.07.2011 14:09:35
LUKE.DLL : 10.3.0.5 45416 Bytes 06.07.2011 14:09:35
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 06.07.2011 14:09:35
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 07:36:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 18:55:58
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 08:15:52
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 08:35:01
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 06:56:48
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 20:33:00
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 09:33:16
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 10:50:22
VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 07:27:54
VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 07:27:54
VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 07:27:54
VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 07:27:54
VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 07:27:55
VBASE013.VDF : 7.11.18.37 2048 Bytes 24.11.2011 07:27:55
VBASE014.VDF : 7.11.18.38 2048 Bytes 24.11.2011 07:27:55
VBASE015.VDF : 7.11.18.39 2048 Bytes 24.11.2011 07:27:55
VBASE016.VDF : 7.11.18.40 2048 Bytes 24.11.2011 07:27:55
VBASE017.VDF : 7.11.18.41 2048 Bytes 24.11.2011 07:27:55
VBASE018.VDF : 7.11.18.42 2048 Bytes 24.11.2011 07:27:55
VBASE019.VDF : 7.11.18.43 2048 Bytes 24.11.2011 07:27:55
VBASE020.VDF : 7.11.18.44 2048 Bytes 24.11.2011 07:27:55
VBASE021.VDF : 7.11.18.45 2048 Bytes 24.11.2011 07:27:55
VBASE022.VDF : 7.11.18.46 2048 Bytes 24.11.2011 07:27:55
VBASE023.VDF : 7.11.18.47 2048 Bytes 24.11.2011 07:27:55
VBASE024.VDF : 7.11.18.48 2048 Bytes 24.11.2011 07:27:55
VBASE025.VDF : 7.11.18.49 2048 Bytes 24.11.2011 07:27:55
VBASE026.VDF : 7.11.18.50 2048 Bytes 24.11.2011 07:27:55
VBASE027.VDF : 7.11.18.51 2048 Bytes 24.11.2011 07:27:55
VBASE028.VDF : 7.11.18.52 2048 Bytes 24.11.2011 07:27:55
VBASE029.VDF : 7.11.18.53 2048 Bytes 24.11.2011 07:27:55
VBASE030.VDF : 7.11.18.54 2048 Bytes 24.11.2011 07:27:56
VBASE031.VDF : 7.11.18.87 196096 Bytes 28.11.2011 14:16:46
Engineversion : 8.2.6.120
AEVDF.DLL : 8.1.2.2 106868 Bytes 28.10.2011 16:04:00
AESCRIPT.DLL : 8.1.3.87 475516 Bytes 26.11.2011 07:28:03
AESCN.DLL : 8.1.7.2 127349 Bytes 24.11.2010 19:23:04
AESBX.DLL : 8.2.1.34 323957 Bytes 04.06.2011 14:12:42
AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 20:57:39
AEPACK.DLL : 8.2.13.4 684406 Bytes 11.11.2011 09:58:00
AEOFFICE.DLL : 8.1.2.20 201083 Bytes 18.11.2011 07:14:31
AEHEUR.DLL : 8.1.2.193 3850617 Bytes 26.11.2011 07:28:03
AEHELP.DLL : 8.1.18.0 254327 Bytes 28.10.2011 16:03:56
AEGEN.DLL : 8.1.5.14 405877 Bytes 18.11.2011 07:14:25
AEEMU.DLL : 8.1.3.0 393589 Bytes 24.11.2010 19:22:55
AECORE.DLL : 8.1.24.0 196983 Bytes 28.10.2011 16:03:56
AEBB.DLL : 8.1.1.0 53618 Bytes 03.07.2010 19:27:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.3.2 44904 Bytes 06.07.2011 14:09:35
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 09:19:25
AVARKT.DLL : 10.0.26.1 255336 Bytes 06.07.2011 14:09:34
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 06.07.2011 14:09:35
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 06.07.2011 14:09:34
RCTEXT.DLL : 10.0.64.0 98664 Bytes 06.07.2011 14:09:34

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\ALEXAN~1\AppData\Local\Temp\6e7c6b0d.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 28. November 2011 16:14

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Alexander\AppData\Local'
C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003a5b
[FUND] Ist das Trojanische Pferd TR/Drop.Fignotok.24

Beginne mit der Desinfektion:
C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003a5b
[FUND] Ist das Trojanische Pferd TR/Drop.Fignotok.24
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ac2051a.qua' verschoben!


Ende des Suchlaufs: Montag, 28. November 2011 16:20
Benötigte Zeit: 05:54 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

2523 Verzeichnisse wurden überprüft
50374 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
50373 Dateien ohne Befall
3287 Archive wurden durchsucht
0 Warnungen
1 Hinweise


Die andern Reports Folgen

Alt 28.11.2011, 17:29   #2
1234567890
 
TR/Drop.Fignotok.24 Befall - Standard

TR/Drop.Fignotok.24 Befall



So hier ist die OTL.txt Datei Hoff ihr könnt mir weiterhelfen Und noch ne Frage: Was macht dieser TRojaner genau??


Hier der OLT-LOG:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.11.2011 16:29:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\lol\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,47% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 277,28 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 448,98 Gb Free Space | 97,84% Space Free | Partition Type: NTFS
Drive E: | 308,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 0,00 Gb Free Space | 0,09% Space Free | Partition Type: FAT32
Drive H: | 120,03 Mb Total Space | 79,27 Mb Free Space | 66,04% Space Free | Partition Type: FAT
 
Computer Name: SIXPACK-PC | User Name: Sixpack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.28 14:29:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lol\Desktop\OTL.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.09 17:06:40 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Users\Public\iTunesHelper.exe
PRC - [2011.09.12 08:58:19 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.06 15:09:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.19 10:19:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.14 08:08:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.11.20 09:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009.10.08 13:23:36 | 000,479,232 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
PRC - [2009.09.10 14:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.25 01:21:04 | 000,360,448 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2007.05.11 03:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.11.20 13:45:06 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Calendar.dll
MOD - [2009.11.17 13:03:10 | 000,745,472 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MmsKrnl.dll
MOD - [2009.10.13 08:45:30 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\VistaCalendar.dll
MOD - [2009.10.05 15:54:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\LogoEdit.dll
MOD - [2009.07.29 10:43:08 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CAgdLNote.dll
MOD - [2009.06.24 14:48:04 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MESSAGING.dll
MOD - [2009.06.16 16:10:48 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Contacts.dll
MOD - [2009.06.03 16:25:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\VObject.dll
MOD - [2009.04.28 10:17:58 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CAgdOutlook.dll
MOD - [2009.04.25 01:21:04 | 000,360,448 | ---- | M] () -- C:\Windows\tsnpstd3.exe
MOD - [2009.04.01 07:33:10 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\CalEngine.dll
MOD - [2009.03.26 14:41:32 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\MelodyEdit.dll
MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.11.07 14:05:06 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\Report.dll
MOD - [2007.05.11 03:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.06.30 08:37:30 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.09.12 08:58:19 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.06 15:09:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.26 04:43:26 | 000,161,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011.05.19 10:19:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.09.10 14:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.19 16:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.04.19 16:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.06 15:09:35 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.06 15:09:35 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.25 08:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.18 07:31:22 | 010,951,552 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.30 06:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008.10.21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 23:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360410ln07974380t15bh4k1tl30
IE - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\Public\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.90: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: [INSTALLDIR]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.05 22:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 14:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 08:41:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.05 22:55:01 | 000,000,000 | ---D | M]
 
[2010.04.20 15:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Extensions
[2011.11.12 18:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions
[2011.08.26 15:08:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.10.28 22:39:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.12 18:52:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.07 17:36:36 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.05.28 16:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions\nostmp
[2011.05.17 22:10:43 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Sixpack\AppData\Roaming\mozilla\Firefox\Profiles\2fow9ay7.default\extensions\tineye@ideeinc.com
[2010.08.27 22:05:00 | 000,000,943 | ---- | M] () -- C:\Users\Sixpack\AppData\Roaming\Mozilla\Firefox\Profiles\2fow9ay7.default\searchplugins\conduit.xml
[2011.11.09 14:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.09 14:15:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.09 14:14:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 22:50:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 22:50:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 22:50:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 22:50:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 22:50:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 22:50:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\GfK Internet-Monitor\x64\Gacela2.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3:64bit: - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Users\Public\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S8AC9.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001..\Run: [EPSON227F53 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SFF2.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006..\Run: [RfxSrvTray] "D:\Tobit Radio.fx\Client\rfx-tray.exe" File not found
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1014..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1014..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1014..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\lol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\lol3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\lol4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2104053648-4281570344-1924351648-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Über GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\GfK Internet-Monitor\x64\Gacela2.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}: NameServer = 156.154.70.25,156.154.71.25
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.12 18:40:55 | 000,000,030 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ FAT32 ]
O32 - AutoRun File - [2010.02.25 08:56:20 | 000,000,070 | ---- | M] () - F:\autorun.unf -- [ FAT32 ]
O33 - MountPoints2\{e963ec6f-76a7-11df-828f-00262d1b4b13}\Shell - "" = AutoRun
O33 - MountPoints2\{e963ec6f-76a7-11df-828f-00262d1b4b13}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Sixpack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: FixCamera - hkey= - key= - C:\Windows\FixCamera.exe ()
MsConfig:64bit - StartUpReg: GfKWatchDog - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Hotkey Utility - hkey= - key= - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Users\Public\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: rfxsrvtray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SMSTray - hkey= - key= - C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
MsConfig:64bit - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.24 17:42:04 | 000,000,000 | ---D | C] -- C:\tmp
[2011.11.24 16:55:55 | 000,000,000 | ---D | C] -- C:\Users\Sixpack\AppData\Local\MAGIX
[2011.11.20 20:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.12 21:13:03 | 000,000,000 | ---D | C] -- C:\Users\Sixpack\AppData\Roaming\gtk-2.0
[2011.11.12 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Sixpack\Documents\gegl-0.0
[2011.11.12 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Sixpack\.gimp-2.6
[2011.11.10 16:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.11.10 16:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011.11.09 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011.11.09 14:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.09 14:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2010.07.14 17:08:19 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC126.dll
[2010.07.03 18:22:09 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2010.07.03 18:22:08 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2010.07.03 18:22:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2009.10.17 03:04:41 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[7 C:\Users\Sixpack\Documents\*.tmp files -> C:\Users\Sixpack\Documents\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.28 16:27:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104053648-4281570344-1924351648-1005UA.job
[2011.11.28 16:27:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104053648-4281570344-1924351648-1005Core.job
[2011.11.28 16:12:23 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.28 16:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.28 16:12:16 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104053648-4281570344-1924351648-1003UA.job
[2011.11.28 15:43:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104053648-4281570344-1924351648-1006UA.job
[2011.11.28 14:30:09 | 000,000,000 | ---- | M] () -- C:\Users\Sixpack\defogger_reenable
[2011.11.28 14:09:43 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.28 10:42:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.28 10:42:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.28 10:34:28 | 3220,082,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.27 19:43:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104053648-4281570344-1924351648-1006Core.job
[2011.11.27 19:20:44 | 013,590,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.27 19:20:44 | 004,435,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.27 19:20:44 | 004,185,560 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.27 19:20:44 | 003,756,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.27 19:20:44 | 000,005,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.27 19:04:32 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2104053648-4281570344-1924351648-1003Core.job
[2011.11.25 07:53:38 | 005,042,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.24 16:55:34 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video Pro X3 Download-Version.lnk
[2011.11.24 09:01:56 | 000,001,802 | ---- | M] () -- C:\Users\Sixpack\AppData\Roaming\wklnhst.dat
[2011.11.21 21:47:23 | 000,006,601 | ---- | M] () -- C:\Users\Sixpack\.recently-used.xbel
[2011.11.20 20:11:37 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.10 16:37:40 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[7 C:\Users\Sixpack\Documents\*.tmp files -> C:\Users\Sixpack\Documents\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.28 14:30:09 | 000,000,000 | ---- | C] () -- C:\Users\Sixpack\defogger_reenable
[2011.11.24 16:55:34 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video Pro X3 Download-Version.lnk
[2011.11.21 21:47:23 | 000,006,601 | ---- | C] () -- C:\Users\Sixpack\.recently-used.xbel
[2011.11.20 20:11:37 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.10 16:37:40 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.26 16:43:41 | 000,000,000 | ---- | C] () -- C:\Users\Sixpack\AppData\Local\{610979ED-ADD8-49F2-94DC-02DB2645D0D7}
[2011.03.26 08:51:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.11.05 22:51:14 | 000,245,227 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.11.05 22:51:14 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.07.07 22:47:57 | 000,000,290 | ---- | C] () -- C:\Windows\bctester_de.INI
[2010.07.03 18:22:11 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.07.03 18:22:10 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.07.03 18:22:10 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.07.03 18:22:10 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.06.21 22:49:56 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.06.13 17:28:23 | 000,092,160 | ---- | C] () -- C:\Users\Sixpack\AppData\Roaming\mdbu.bin
[2010.05.31 18:36:10 | 000,004,096 | -H-- | C] () -- C:\Users\Sixpack\AppData\Local\keyfile3.drm
[2010.05.22 06:32:19 | 000,000,064 | ---- | C] () -- C:\Windows\3DWarehouseClient.INI
[2010.05.22 06:31:55 | 000,000,080 | RHS- | C] () -- C:\Windows\3DXCT.BIN
[2010.05.09 11:37:33 | 000,000,746 | ---- | C] () -- C:\Windows\MusicEditor.INI
[2010.05.06 18:43:49 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.04.23 09:40:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.21 19:55:29 | 000,001,802 | ---- | C] () -- C:\Users\Sixpack\AppData\Roaming\wklnhst.dat
[2010.04.20 15:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.08 13:23:54 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2009.10.08 13:23:54 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2009.10.08 13:23:54 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2009.10.08 13:23:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Ogg.dll
[2009.09.30 12:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.30 18:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll
[2008.10.30 17:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll
[2007.02.12 22:05:38 | 000,121,344 | ---- | C] () -- C:\Windows\SysWow64\SCLS.DLL
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.12.22 12:23:16 | 000,000,000 | -HSD | M] -- C:\Users\lol\AppData\Roaming\.#
[2011.03.01 20:29:47 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Acreon
[2011.04.25 19:02:14 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Canneverbe Limited
[2010.08.18 14:25:06 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.27 09:01:56 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\CheckPoint
[2011.04.02 07:59:25 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\EPSON
[2010.06.11 14:48:06 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\GameConsole
[2010.05.24 06:44:49 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\GARMIN
[2011.11.11 17:06:15 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\gtk-2.0
[2011.07.07 05:35:01 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\hdbADS
[2011.11.24 16:56:39 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\MAGIX
[2011.07.07 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\MrJobs
[2010.07.02 11:41:39 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\OpenOffice.org
[2010.09.19 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\PeerNetworking
[2011.08.29 15:20:01 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Phase6
[2011.06.01 14:14:03 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\PhotoScape
[2010.06.22 05:41:12 | 000,000,000 | ---D | M] -- C:\Users\lol\AppData\Roaming\Tobit
[2011.11.18 20:19:18 | 000,000,000 | -HSD | M] -- C:\Users\lol3\AppData\Roaming\.#
[2010.07.11 15:50:57 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\CheckPoint
[2011.06.27 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\DynaGeo
[2011.04.13 06:55:24 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\EPSON
[2010.11.03 11:18:29 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\GameConsole
[2011.09.26 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\MAGIX
[2010.05.25 13:28:55 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\OpenOffice.org
[2011.09.07 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\PhotoScape
[2010.12.21 17:41:50 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\PlayFirst
[2010.05.02 13:23:43 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\The Games Company
[2010.06.22 16:10:53 | 000,000,000 | ---D | M] -- C:\Users\lol3\AppData\Roaming\Tobit
[2010.12.02 20:07:16 | 000,000,000 | -HSD | M] -- C:\Users\Sixpack\AppData\Roaming\.#
[2011.07.10 08:17:34 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\Blender Foundation
[2010.09.27 09:01:53 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\CheckPoint
[2011.03.13 10:06:10 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\DynaGeo
[2010.04.20 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\GameConsole
[2010.05.07 11:53:41 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\GARMIN
[2011.11.21 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\gtk-2.0
[2011.11.24 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\MAGIX
[2010.04.21 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\OpenOffice.org
[2011.08.29 13:22:29 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\Phase6
[2011.05.31 16:11:26 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\PhotoScape
[2010.05.17 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\Template
[2010.08.21 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\Sixpack\AppData\Roaming\Tobit
[2010.09.24 15:34:27 | 000,000,000 | -HSD | M] -- C:\Users\lol4\AppData\Roaming\.#
[2010.07.11 11:59:37 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\CheckPoint
[2011.02.16 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\DynaGeo
[2010.05.03 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\GameConsole
[2010.06.06 18:08:28 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\GARMIN
[2010.09.15 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\MAGIX
[2010.05.01 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\OpenOffice.org
[2011.07.28 10:14:56 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\PhotoScape
[2010.09.06 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.06.01 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\Template
[2010.12.01 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\The Games Company
[2010.06.22 11:49:53 | 000,000,000 | ---D | M] -- C:\Users\lol4\AppData\Roaming\Tobit
[2011.08.15 00:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.11.01 08:02:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.09.13 15:55:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2006.10.10 00:58:54 | 000,000,000 | ---D | M] -- C:\book
[2011.11.24 16:55:57 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.04.20 13:54:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.08.09 16:27:39 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.03.17 00:06:11 | 000,000,000 | -HSD | M] -- C:\found.001
[2011.07.06 19:16:19 | 000,000,000 | -HSD | M] -- C:\found.002
[2010.10.04 19:58:59 | 000,000,000 | ---D | M] -- C:\Microsoft
[2009.10.17 03:12:55 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.08.31 13:52:12 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData
[2011.07.03 13:29:37 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.04.20 14:56:25 | 000,000,000 | -H-D | M] -- C:\OEM
[2011.06.23 18:32:02 | 000,000,000 | ---D | M] -- C:\output
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.12 21:55:47 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.10 16:37:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.09 14:15:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.20 13:54:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.20 13:54:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.03 12:59:14 | 000,000,000 | ---D | M] -- C:\symbols
[2011.11.28 16:34:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.24 17:42:06 | 000,000,000 | ---D | M] -- C:\tmp
[2011.04.26 11:07:06 | 000,000,000 | ---D | M] -- C:\UBCD4Win
[2011.09.13 15:55:24 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.14 12:13:56 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2011.11.09 14:15:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2003.04.02 13:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\$RECYCLE.BIN\S-1-5-21-2104053648-4281570344-1924351648-1006\$RMZL1TS\I386\EXPLORER.EXE
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
[2003.04.02 13:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\$RECYCLE.BIN\S-1-5-21-2104053648-4281570344-1924351648-1006\$RMZL1TS\I386\REGEDIT.EXE
[2003.04.02 13:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\$RECYCLE.BIN\S-1-5-21-2104053648-4281570344-1924351648-1006\$RMZL1TS\I386\SYSTEM32\REGEDIT.EXE
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2003.04.02 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\$RECYCLE.BIN\S-1-5-21-2104053648-4281570344-1924351648-1006\$RMZL1TS\I386\SYSTEM32\USERINIT.EXE
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2003.04.02 13:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\$RECYCLE.BIN\S-1-5-21-2104053648-4281570344-1924351648-1006\$RMZL1TS\I386\SYSTEM32\WINLOGON.EXE
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
 
========== Files - Unicode (All) ==========
[2011.11.06 19:01:19 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\MAGIX) -- C:\Users\lol2♥\AppData\Roaming\MAGIX
[2011.11.06 18:55:16 | 000,000,000 | --SD | M](C:\Users\lol2?\AppData\Roaming\Microsoft) -- C:\Users\lol2♥\AppData\Roaming\Microsoft
[2010.09.11 10:10:04 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Google) -- C:\Users\lol2♥\AppData\Roaming\Google
[2010.08.17 15:29:05 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Adobe) -- C:\Users\lol2♥\AppData\Roaming\Adobe
[2010.07.12 14:31:54 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Avira) -- C:\Users\lol2♥\AppData\Roaming\Avira
[2010.07.10 17:18:53 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Apple Computer) -- C:\Users\lol2♥\AppData\Roaming\Apple Computer
[2010.07.10 17:18:46 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\CheckPoint) -- C:\Users\lol2♥\AppData\Roaming\CheckPoint
[2010.05.26 15:49:22 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Nero) -- C:\Users\lol2♥\AppData\Roaming\Nero
[2010.05.01 10:22:15 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\The Games Company) -- C:\Users\lol2♥\AppData\Roaming\The Games Company
[2010.04.24 07:40:57 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Mozilla) -- C:\Users\lol2♥\AppData\Roaming\Mozilla
[2010.04.23 21:29:47 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Macromedia) -- C:\Users\lol2♥\AppData\Roaming\Macromedia
[2009.07.14 08:44:38 | 000,000,000 | ---D | M](C:\Users\lol2?\AppData\Roaming\Media Center Programs) -- C:\Users\lol2♥\AppData\Roaming\Media Center Programs
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:444C53BA

< End of report >
         
--- --- ---




wenn ihr noch mehr braucht einfach schreiben
__________________


Geändert von 1234567890 (28.11.2011 um 17:36 Uhr)

Antwort

Themen zu TR/Drop.Fignotok.24 Befall
.dll, aktuelle, antivir, appdata, befall, bytes, cache, datei, folge, free, fund, google, hallo zusammen, mas, modus, namen, nt.dll, programm, quarantäne, service, temp, tr/drop.fignotok.24, trojaner, trojaner eingefangen, trojanische, trojanische pferd, windows, windows 7



Ähnliche Themen: TR/Drop.Fignotok.24 Befall


  1. Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.
    Plagegeister aller Art und deren Bekämpfung - 01.06.2013 (19)
  2. GVU Trojaner-Problem!(Exploit.Drop.GS;Exploit.drop.GSA;trojan.ransom.SUGen;--->Malwarebytes-Funde)
    Plagegeister aller Art und deren Bekämpfung - 02.03.2013 (6)
  3. GVU Virus - runctf.lnk (im Autostart), wgsdgsdgdsgsd.dll (Exploit.Drop.GS), dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) und dsgsdgdsgdsgw.js
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (3)
  4. Nach Befall von Exploit.Drop.GS und Trojan.PWS - Pc trotz angeblicher erfolgreicher Bereinigung immer noch langsam
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (32)
  5. TR/Drop.Injector.fonv.1, TR/Drop.Injector.fnus.1, EXP/2012-1723.DG.1
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (17)
  6. Benötige OTL-Log Auswertung nach Exploit.Drop.2-Befall
    Log-Analyse und Auswertung - 09.04.2012 (23)
  7. TrojanDropper:Win32/Fignotok über Facebook Link
    Plagegeister aller Art und deren Bekämpfung - 06.12.2011 (19)
  8. Nach klicken auf Facebooklink Viren TR/Injector.ACk und TR/Drop.Fignotok.A.11
    Log-Analyse und Auswertung - 16.10.2011 (3)
  9. Vorgang nach W32/Ramnit.C und HTML/Drop.Agent Befall?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (1)
  10. Ramnit.C & HTML/Drop.Agent.AB gefunden; erst Ruhe, nun vereinzelte Meldungen - Befall?
    Log-Analyse und Auswertung - 03.04.2011 (15)
  11. Befall mit TR/Drop.Agen.ascd.1 und/oder PUP.Dealio?
    Log-Analyse und Auswertung - 13.01.2011 (7)
  12. TR/PSW.FIGNOTOK.F unlöschbar ?
    Plagegeister aller Art und deren Bekämpfung - 13.10.2010 (5)
  13. Trojaner gefunden: TR/Drop.fra.2168720', TR/Drop.fra.2168720' u 'TR/Dldr.Client.kiu
    Plagegeister aller Art und deren Bekämpfung - 09.08.2009 (3)
  14. TR/Crypt.XPACK.Gen'/ TR/Drop.Agent.qkm/ TR/Drop.Mudr.CY.305...alles seit heut morgen!
    Plagegeister aller Art und deren Bekämpfung - 06.04.2009 (8)
  15. TR/Drop.Delf.cip; TR/Drop.Delf.cio; BkCln.Unknown
    Plagegeister aller Art und deren Bekämpfung - 17.01.2009 (13)
  16. Trojanerfund Drop.Agent.dgo.8 und Drop.Agent.dgo.21
    Log-Analyse und Auswertung - 03.01.2008 (5)
  17. Troja Befall? (TR/Spy.Ardamax.H.5 + KIT/Drop.Ag.2015003)
    Log-Analyse und Auswertung - 18.06.2007 (2)

Zum Thema TR/Drop.Fignotok.24 Befall - Hallo zusammen, ich hab mir irgendwo ein Trojaner eingefangen, denn AntiVir entdeckt hat. Ich hab den jetzt erstmal in Quarantäne verschoben. Hier ist schonmal der AntiVir Report: Avira AntiVir Personal - TR/Drop.Fignotok.24 Befall...
Archiv
Du betrachtest: TR/Drop.Fignotok.24 Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.